CN115114657A - Data protection method, electronic device and computer storage medium - Google Patents

Data protection method, electronic device and computer storage medium Download PDF

Info

Publication number
CN115114657A
CN115114657A CN202210726301.7A CN202210726301A CN115114657A CN 115114657 A CN115114657 A CN 115114657A CN 202210726301 A CN202210726301 A CN 202210726301A CN 115114657 A CN115114657 A CN 115114657A
Authority
CN
China
Prior art keywords
data
target
verification
key
verification message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210726301.7A
Other languages
Chinese (zh)
Inventor
孙波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infosec Technologies Co Ltd filed Critical Beijing Infosec Technologies Co Ltd
Priority to CN202210726301.7A priority Critical patent/CN115114657A/en
Publication of CN115114657A publication Critical patent/CN115114657A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a data protection method, electronic equipment and a computing storage medium. Wherein a configuration request is received; the configuration request comprises a data identifier; reading the data to be protected indexed by the data identification from a database; generating a verification message of the data to be protected based on a target key; and correspondingly storing the data identification, the verification message and the key information of the target key into a target record. According to the technical scheme provided by the embodiment of the application, the safety verification can be completed on the premise that the data in the database does not leave the database system, and the high efficiency of the verification of the data to be protected is ensured.

Description

Data protection method, electronic device and calculation storage medium
Technical Field
The embodiment of the application relates to the technical field of data protection, in particular to a data protection method, electronic equipment and a computing storage medium.
Background
In practical application, there is a need to verify data in a database, and in related technologies, in order to ensure data security, an encryption and decryption manner is usually adopted, data is encrypted and transmitted from the database to a calling party, and after the calling party decrypts the data to obtain the data, security verification is performed on the data. However, this method is not efficient enough, and will affect the query efficiency of the original business logic and data.
Disclosure of Invention
The embodiment of the application provides a data protection method, electronic equipment and a computing storage medium, which are used for improving data security.
In a first aspect, an embodiment of the present application provides a data protection method, including: receiving a configuration request; the configuration request comprises a data identification;
reading the data to be protected indexed by the data identification from a database;
generating a verification message of the data to be protected based on a target key;
correspondingly storing the data identification, the verification message and the key information of the target key into a target record; the target record is used for searching corresponding first verification information and first key information according to a target data identifier required to be verified; the first key information is used for generating a second verification message from the target data indexed by the target data identifier; the first verification message is used for performing security verification on the target data in combination with the second verification message.
Optionally, the receiving the configuration request includes:
receiving a configuration request sent by a control end; the configuration request is generated by the control end responding to the configuration operation of a caller;
correspondingly storing the data identifier, the verification message and the key information corresponding to the target key into a target record comprises:
and correspondingly storing the data identification, the verification message and the key information into a target record of the control end.
Optionally, the key information is a key identifier; the method further comprises the following steps:
receiving and storing different key identifications and corresponding keys respectively sent by the control end;
wherein, the configuration request comprises a target key identifier; after receiving the configuration request, the method further comprises:
and searching the target key corresponding to the target key identification.
Optionally, the method further includes receiving an update request for a target key identifier sent by the control end, and updating the target key.
Optionally, the reading of the data to be protected of the data identification index from the database includes:
packaging the configuration request into a query statement; the query statement is used for searching the data to be protected indexed by the data identifier in the database;
and reading the data to be protected of the data identification index based on the query statement.
Optionally, the generating a verification message of the data to be protected based on the target key includes:
carrying out character recombination on the data to be protected indexed by at least one data identifier to obtain recombined data;
and carrying out algorithm processing on the recombined data based on the target key to generate a verification message.
Optionally, the correspondingly storing the data identifier, the verification message, and the key information into the target record of the control end includes:
writing the data identification, the verification message and the key information into a record table configured in advance in the database;
and sending the record table to a control end so that the control end can store the record table as a target record.
Optionally, the receiving the configuration request includes: a caller-triggered configuration request is received.
In a second aspect, an embodiment of the present application provides a data protection method, including: responding to configuration operation, determining a data identifier, sending a configuration request containing the data identifier to an execution end, so that the execution end reads the data to be protected indexed by the data identifier from a database, and generating a verification message of the data to be protected by using a target key;
receiving the data identifier, the verification message and the key information of the target key sent by the execution end;
correspondingly storing the data identification, the verification message and the key information into a target record; the target record is used for searching corresponding first verification information and first key information according to a target data identifier required to be verified; the first key information is used for generating a second verification message from the target data indexed by the target data identifier; the first verification message is used for performing security verification on the target data in combination with the second verification message.
Optionally, said determining the data identity in response to the configuration operation comprises:
providing an operation interface;
displaying configuration prompt information on the operation interface;
and determining the data identification of the configuration in response to the configuration operation triggered by the configuration prompt information.
Optionally, the sending the configuration request including the data identifier to the execution end includes:
packaging the configuration request containing the data identifier;
transmitting the configuration request of the data identifier after encapsulation processing to an execution end through a secure channel; wherein the secure channel is used for transmission encryption.
In a third aspect, an embodiment of the present application provides a data protection method, including: receiving an authentication request; wherein the validation request includes a target data identification;
determining a first verification message and first key information corresponding to the target data identifier searched and obtained from a target record; the target record stores verification information and key information corresponding to different data identifications;
reading target data of the target data identification index from a database, and generating a second verification message of the target data by using a first key corresponding to the first key information;
performing security verification on the target data based on the first verification message and the second verification message;
and outputting the verification result of the target data.
Optionally, the receiving the verification request comprises:
receiving a verification request sent by a control end; the verification request comprises the first verification message and the first key information which are searched and obtained by the control terminal from the target record based on the target data identification;
the outputting the verification result of the target data comprises:
and correspondingly sending the target data identification and the corresponding verification result to the control end so that the control end can output the target data identification and the corresponding verification result.
In a fourth aspect, an embodiment of the present application provides a data protection method, including: responding to the verification operation of a calling party, and determining a target data identifier requesting verification;
searching and acquiring a first verification message and first key information corresponding to the target data identifier from a target record; the target record stores verification information and key information corresponding to different data identifications;
sending the first verification message and the first key information corresponding to the target data identifier to an execution end, so that the execution end reads target data indexed by the target data identifier from a database, generates a second verification message of the target data by using a first key corresponding to the first key information, and performs security verification on the target data based on the first verification message and the second verification message;
and outputting the verification result of the target data sent by the execution end.
In the embodiment of the application, the permission required by the protection of the database data is obtained by receiving the configuration request; the configuration request comprises a data identifier, and the data identifier is used for determining the position of the data to be protected in the database; identifying the indexed data to be protected by reading the data from the database; generating a verification message of the data to be protected based on the target key, and using the verification message uniquely corresponding to the data to be protected for later verification of the target data; the data identification, the verification message and the key information of the target key are correspondingly stored in the target record, so that the security verification can be completed on the premise that the data in the database does not leave the database system, and the high efficiency of the verification of the data to be protected is ensured.
These and other aspects of the present application will be more readily apparent from the following description of the embodiments.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1a is a system architecture diagram illustrating one embodiment of a data protection method provided herein;
FIG. 1b is a system architecture diagram illustrating yet another embodiment of a method of data protection provided herein;
FIG. 1c is a system architecture diagram illustrating yet another embodiment of a method of data protection provided herein;
FIG. 2 is a flow chart illustrating one embodiment of a method for data protection provided herein;
FIG. 3 illustrates a flow diagram of yet another embodiment of a method for data protection provided herein;
FIG. 4 illustrates a flow chart of yet another embodiment of a method of data protection provided herein;
FIG. 5 is a flow chart illustrating a further embodiment of a method of data protection provided herein;
FIG. 6 is a block diagram illustrating one embodiment of a data protection device provided herein;
FIG. 7 is a block diagram illustrating yet another embodiment of a data protection device provided herein;
FIG. 8 is a block diagram illustrating yet another embodiment of a data protection device provided herein;
FIG. 9 is a block diagram illustrating yet another embodiment of a data protection device provided herein;
FIG. 10 is a block diagram illustrating one embodiment of a computing device provided herein;
FIG. 11 illustrates a schematic structural diagram of yet another embodiment of a computing device provided herein;
FIG. 12 illustrates a schematic diagram of a further embodiment of a computing device in accordance with the present application;
fig. 13 is a schematic structural diagram illustrating a further embodiment of a computing device provided in the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
In some of the flows described in the specification and claims of this application and in the above-described figures, a number of operations are included that occur in a particular order, but it should be clearly understood that these operations may be performed out of order or in parallel as they occur herein, the number of operations, e.g., 101, 102, etc., merely being used to distinguish between various operations, and the number itself does not represent any order of performance. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical scheme of the embodiment of the application can be applied to a scene of safety verification of data in a database, for example, in an actual application scene, in daily operation of a database system, various data such as database system safety events, user access records, database system operation logs, database system operation states and database system data are stored in a log auditing system after being processed through standardization, filtration, merging and the like, and after being stored in the log auditing system, the data can be stored and managed in a log form of a uniform format, so that the log auditing system can conveniently and comprehensively audit the daily operation of the database system.
The daily operation of the database system is comprehensively audited through the log auditing system, an administrator can conveniently know the operation condition of the whole database system at any time, abnormal events of the database system can be found in time, when corresponding data in the database are checked through the log auditing system, the corresponding data in the database can be verified according to configuration information provided by the log auditing system, and by adopting the technical scheme provided by the embodiment of the application, the safety verification can be completed on the premise that the data in the database does not leave the database system, and the data safety is ensured. A database system as referred to herein is a data processing system that contains a database.
Fig. 1a shows an exemplary system architecture diagram to which the technical solution of the embodiment of the present application may be applied, and the system architecture may include a control end 101, an execution end 102, a database 103, and a caller 104. In fig. 1a, the execution end 102 may be integrated in the database 103 as an internal plug-in for the database 103, and may be started simultaneously with the database 103 and stopped, and started by the database initialization loading manner. The execution end 102 and the database 103 are included in a database system.
Furthermore, as another alternative, referring to the system architecture diagram shown in fig. 1b, the execution end 102 can also be seen as a separate component deployed in the first server 100 where the database is located. In this case, the execution end 102 and the database 103 may operate as two independent processes of the first server 100. The first server 100 may be a database system.
The control end 101 may be deployed in the second server 200, and the first server 100 and the second server 200 may be different servers.
The caller 104 can perform security verification on the data in the database through the control end 101 and the execution end 102.
In addition, as another embodiment, the technical solution of the embodiment of the present application may also be used in a system architecture as shown in fig. 1c, where the system architecture may be composed of an execution end 102, a database 103, and a caller 104. The execution end 102 and the database 103 are included in a database system.
The caller 104 may interact with the execution end 102 directly, and the execution end 102 performs security verification on the data in the database 103.
In the embodiment of the present application, the execution end 102 may receive a configuration request; the configuration request includes a data identification; reading data to be protected indexed by the data identification from a database; generating a verification message of the data to be protected based on the target key; correspondingly storing the data identification, the verification message and the key information of the target key into a target record; the target record is used for searching corresponding first verification information and first key information according to the target data identification required to be verified; the first key information is used for identifying the indexed target data to generate a second verification message; the first authentication message is used for performing security authentication on the target data in combination with the second authentication message.
The control end 101 may determine a data identifier in response to the configuration operation, and send a configuration request containing the data identifier to the execution end 102, so that the execution end 102 reads the to-be-protected data indexed by the data identifier from the database, and generates a verification message of the to-be-protected data by using the target key; receiving a data identifier, a verification message and key information of a target key sent by the execution end 102; correspondingly storing the data identification, the verification message and the key information into a target record; the target record is used for searching corresponding first verification information and first key information according to the target data identification required to be verified; the first key information is used for identifying the indexed target data to generate a second verification message; the first authentication message is used for performing security authentication on the target data in combination with the second authentication message.
The control end 101 may also receive an authentication request; wherein the verification request includes a target data identification; determining a first verification message and first key information corresponding to a target data identifier obtained by searching in a target record; the target record stores verification information and key information corresponding to different data identifications; reading target data of the target data identification index from the database, and generating a second verification message of the target data by using a first key corresponding to the first key information; performing security verification on the target data based on the first verification message and the second verification message; and outputting the verification result of the target data.
The execution end 102 may also determine a target data identifier for requesting verification in response to a verification operation of a caller; searching and obtaining a first verification message and first key information corresponding to the target data identification from the target record; the target record stores verification information and key information corresponding to different data identifications; sending the target data identifier, the corresponding first verification message and the first key information to the execution end 102, so that the execution end 102 reads the target data indexed by the target data identifier from the database, generates a second verification message of the target data by using the first key corresponding to the first key information, and performs security verification on the target data based on the first verification message and the second verification message; and outputting the verification result of the target data sent by the execution end 102.
The technical solution of the embodiments of the present application will be explained in detail below.
Fig. 2 is a flowchart of an embodiment of a data protection method provided in the present application, where the technical solution of the present embodiment is executed by an execution end, and the method may include the following steps:
201: receiving a configuration request; the configuration request includes a data identification.
Alternatively, in the system architecture shown in fig. 1c, the configuration request triggered by the caller may be directly received. The calling policy may execute a configuration operation in the execution end for the data identifier of the data to be protected, thereby triggering the configuration request.
The data identifier may include a database name, a database table name, a column name, a row number, and a data unique identifier, and the position of the data to be protected in the database may be determined by the data identifier.
Wherein the configuration request may further include port information. The calling party and the execution end communicate through the port, and the execution end can directly obtain the configuration request configured by the control end according to the configuration operation made by the calling party.
As another alternative, in the system architecture shown in fig. 1a or fig. 1b, the configuration request sent by the control end may be received. The configuration request can be generated by the control terminal in response to a configuration operation of a caller, the caller can execute the configuration operation based on the data identification of the data to be protected, so as to trigger the configuration request, and the control terminal sends the configuration request to the execution terminal.
In the system architecture shown in fig. 1a, 1b, or 1c, a configuration request including the data identifier may be received after being encapsulated. The data transmission is facilitated.
202: and reading the data to be protected indexed by the data identification from a database.
The data identification index is determined according to the data identification, when the data to be protected is stored in the database, the data identification index is determined through the data identification, and the position of the data to be protected and the reading, protection and verification of the data to be protected are conveniently determined.
The execution end needs to read the data to be protected of the data identification index from the database, wherein the configuration request further comprises a data read-only password.
The execution end establishes read-only connection with the database by using the data read-only password to finish the reading of the data in the database by the executor.
Specifically, the reading of the data to be protected indexed by the data identifier from the database includes:
packaging the configuration request into a query statement; the query statement is used for searching the data to be protected indexed by the data identifier in the database;
and reading the data to be protected of the data identification index based on the query statement.
After the execution end establishes the read-only connection with the database by using the data read-only password, the relevant information of the data to be protected of the data identification index is sent on the read-only connection, and the data to be protected of the data identification index can be read.
203: and generating a verification message of the data to be protected based on the target key.
And integrity protection can be carried out on the data to be protected through the target secret key, and a verification message corresponding to the data to be protected is obtained.
Optionally, the generating a verification message of the data to be protected based on the target key may include:
carrying out character recombination on the data to be protected indexed by at least one data identification to obtain recombined data;
generating a verification message for the reassembled data based on the target key.
The character recombination is to splice the data to be protected of at least one associated data identification index into a whole, namely the recombined data, and the target key converts the result obtained by performing algorithm processing on the recombined data into a verification message; the algorithm processing can be hash algorithm, digital signature and the like, and the verification message can be a value obtained by converting a hash authentication value and converting a digital signature value and the like.
Wherein, the target key may be provided by the control end, and therefore, the method may further include:
receiving and storing different key identifications and corresponding keys respectively sent by the control end;
the configuration request can also comprise a target key identifier; after receiving the configuration request, the method further includes:
and searching the target key corresponding to the target key identification.
The key is generated by the control end, and when the key is needed to be used, the corresponding key can be found through the corresponding relation between the key identification and the key.
204: and correspondingly storing the data identification, the verification message and the key information of the target key into a target record.
The target record is used for searching corresponding first verification information and first key information according to a target data identifier required to be verified; the first key information is used for generating a second verification message from the target data indexed by the target data identifier; the first verification message is used for performing security verification on the target data in combination with the second verification message.
In addition, the correspondingly storing the data identifier, the verification message, and the key information corresponding to the target key into the target record may include:
writing the data identification, the verification message and the key information into a record table configured in advance in the database;
and sending the record table to a control end so that the control end can store the record table as a target record.
Wherein the configuration request further comprises a data write password. And the execution end establishes write connection with the database by using the data write-in password to complete the write-in of the record table by the executor.
By correspondingly writing the data identification, the verification message and the key information into the record table, the corresponding relation can be more intuitively embodied when the device is used.
Optionally, the correspondingly storing the data identifier, the verification message, and the key information corresponding to the target key into a target record may include:
and correspondingly storing the data identification, the verification message and the key information into a target record of the control end.
The data identification, the verification message and the key information are stored in the target record of the control end, so that the protection of the data to be protected in the database can be completed on the premise of not leaving the database system, and the safety of the data to be protected is ensured.
Wherein, the key information is a key identifier; the method further comprises the following steps:
receiving and storing different key identifications and corresponding keys respectively sent by the control end; wherein, the configuration request includes a target key identifier.
After receiving the configuration request, the method further comprises:
and searching the target key corresponding to the target key identification.
The method further comprises the following steps:
and receiving an updating request aiming at the target key identification sent by the control terminal, and updating the target key.
Specifically, for example, the frequency of the update request for the target key identifier sent by the control end may be set to be updated once in five minutes, and then the control end sends an update request once every time the target key identifier is used for five minutes; the frequency of sending the update request for the target key identifier by the control end can be set to be that the target key identifier participates in the verification data every five times, and then the update request is sent by the control end every five times when the key identifier is used.
In practical application, if the target key is updated in the process of generating the verification message, the execution end does not interrupt the generation process of the verification message, but continues to generate the process, stores the generated verification message and the key information corresponding to the target key into the target record after the process is finished, and stores the updated target key and the key information of the updated target key into the target record after the verification message is generated again.
In the embodiment of the application, a configuration request can be generated for data to be protected, and an execution end acquires the authority required for protecting the database data based on the configuration request; the configuration request comprises a data identifier, and the data identifier is used for determining the position of the data with protection in the database; identifying the indexed data to be protected by reading the data from the database; generating a verification message of the data to be protected based on the target key, and verifying the target data after using the verification message uniquely corresponding to the data to be protected; the data identification, the verification message and the key information of the target key are correspondingly stored in the target record, so that the protection of the data to be protected in the database can be completed on the premise of not leaving the database system, and the safety of the data to be protected, the original service logic and the high efficiency of the verification of the data to be protected later are ensured.
Fig. 3 is a flowchart of an embodiment of a data protection method provided in the present application, where the technical solution of the present embodiment is executed by a control end, and the method may include the following steps:
301: responding to configuration operation, determining a data identifier, sending a configuration request containing the data identifier to an execution end, so that the execution end reads data to be protected indexed by the data identifier from a database, and generating a verification message of the data to be protected by using a target key;
the controller obtains the access right of the data identifier in the database through the configuration of the configuration request, so that when the execution end reads the data to be protected of the data identifier index from the database, the data to be protected of the data identifier index can be read by determining the position of the data to be protected of the data identifier index in the database.
Wherein the determining the data identity in response to the configuration operation may comprise:
providing an operation interface;
displaying configuration prompt information on the operation interface;
and determining the data identification of the configuration in response to the configuration operation triggered by the configuration prompt information.
The control end can be provided with a display screen, an operation page is displayed on the display screen, configuration information is displayed in the operation page, information needing configuration is selected, and after configuration operation is completed, the configured data identification can be determined on the operation page. For example, when an administrator needs to perform configuration operation, an operation page is opened on a display screen, a plurality of configurable options, such as data identifiers, appear in the operation page, the options that need to be configured, such as the data identifiers, are selected, after configuration is confirmed, when data is viewed later, the data identifiers of the data can be displayed by clicking the data, so that the data to be viewed can be verified later.
Wherein the sending the configuration request including the data identifier to the execution end may include:
packaging the configuration request containing the data identifier;
transmitting the configuration request of the data identifier after encapsulation processing to an execution end through a secure channel; wherein the secure channel is used for transmission encryption.
In the process of transmitting the configuration request to the execution end by the control end, potential safety hazards also exist, so the configuration request is encapsulated and then transmitted to the execution end through the Secure channel, wherein in the process of transmitting through the Secure channel, the encapsulated configuration request is transmitted in a data stream mode, the integrity of the transmission of the configuration request is ensured, SSL (Secure Sockets Layer, Secure socket protocol) is a security protocol for providing security and data integrity for network communication, and the Secure channel can protect the integrity of the configuration request through the SSL.
302: receiving the data identifier, the verification message and the key information of the target key sent by the execution end;
303: correspondingly storing the data identification, the verification message and the key information into a target record; the target record is used for searching corresponding first verification information and first key information according to a target data identifier required to be verified; the first key information is used for generating a second verification message from the target data indexed by the target data identifier; the first verification message is used for performing security verification on the target data in combination with the second verification message.
The control end receives the data identification, the verification message and the key information of the target key sent by the execution end, then stores the data identification, the verification message and the key information of all data in the target record, and extracts the corresponding verification message and the corresponding key information from the target record through the target data identification.
In the embodiment of the application, when protecting data, a control end sends a configuration request to an execution end, wherein the configuration request comprises a data identifier for determining the position of the data to be protected, and then after the execution end performs data protection processing, the control end receives the data identifier, a verification message and key information of a target key sent by the execution end, and correspondingly stores the data identifier, the verification message and the key information into a target record for performing security verification on the target data.
Fig. 4 is a flowchart of an embodiment of a data protection method provided by the present application, where the technical scheme of the present embodiment is executed by an execution end, and the technical scheme of the present application is described from the perspective of data verification, where the method may include the following steps:
401: receiving an authentication request; wherein the validation request includes a target data identification.
402: and determining a first verification message and first key information corresponding to the target data identifier obtained by searching in the target record.
The target data identification is a data identification of data to be verified, and can comprise a database name, a database table name, a column name, a row number and a data unique identification, and at least one target data can be verified through the target data identification; the target data identifier may also include a database name, a database table name, a column name, and a row number, and at least one row of data as the target data may be verified by the target data identifier.
The verification messages and the key information corresponding to different data identifiers are stored in the target record, and the specific generation methods of the verification messages and the key information corresponding to different data identifiers can be described in detail in the embodiment shown in fig. 2, and are not repeated here.
As one implementation, the receiving the authentication request includes:
receiving a verification request sent by a control end; the verification request comprises the first verification message and the first key information which are searched and obtained by the control terminal from the target record based on the target data identification;
as one implementation, the accepting the authentication request includes:
receiving a verification request sent by a calling party; the verification request comprises the first verification message and the first key information which are obtained by the control end, obtained by the calling party from the control end, and searched from the target record based on the target data identification; the execution end directly communicates with the calling party to acquire the first verification message and the first key information.
When data needs to be checked, integrity verification is carried out on the data, namely whether the data is tampered or not is verified, after target data needing to be checked is determined, an execution end receives a verification request containing a target data identifier, and then a first verification message and the first key information are obtained by searching a target record through the target data identifier.
403: reading target data of the target data identification index from a database, and generating a second verification message of the target data by using a first key corresponding to the first key information;
after the actuator reads the target data of the target data identification index from the database, the target data are subjected to character recombination to obtain target recombination data, and a result obtained by performing algorithm processing on the target recombination data is converted into a second verification message by the first secret key.
404: and performing security verification on the target data based on the first verification message and the second verification message.
405: and outputting the verification result of the target data.
As an implementation, the outputting the verification result of the target data may include:
and correspondingly sending the target data identification and the corresponding verification result to the control end so that the control end can output the target data identification and the corresponding verification result.
As an implementation, the outputting the verification result of the target data may further include:
and correspondingly sending the target data identification and the corresponding verification result to a calling party so that the calling party can directly obtain the verification result.
Comparing the first verification message with the second verification message, if the first verification message is the same as the second verification message, the data is complete and is not tampered, and the verification result is not tampered; if the verification result is not the same as the verification result, the data is incomplete, the data is tampered, and the verification result is a second verification message so that the data calling party can determine the data tampering reason according to the second verification message.
In the embodiment of the application, when a caller checks data, the caller verifies target data, after receiving a verification request, an execution end searches for first verification information and first key information in a target record through a target data identifier included in the verification request, reads target data indexed by the target data identifier from a database, generates second verification information of the target data by using a first key corresponding to the first key information, compares the first verification information with the second verification information, completes verification of data security, and sends a verification result to one end sending the verification request after verification is completed.
Fig. 5 is a flowchart of an embodiment of a data protection method provided in the present application, where the technical solution of the present embodiment is executed by a control end, and the method may include the following steps:
501: responding to the verification operation of a calling party, and determining a target data identifier requesting verification;
502: searching and obtaining a first verification message and first key information corresponding to the target data identification from a target record; the target record stores verification information and key information corresponding to different data identifications;
503: sending the first verification message and the first key information corresponding to the target data identifier to an execution end, so that the execution end reads target data indexed by the target data identifier from a database, generates a second verification message of the target data by using a first key corresponding to the first key information, and performs security verification on the target data based on the first verification message and the second verification message;
504: and outputting the verification result of the target data sent by the execution end.
In the embodiment of the application, when a caller views data, target data is verified first, a control terminal determines a target data identifier requesting verification, so that the target data identifier searches a first verification message and first key information corresponding to the target data identifier from a target record, then the target data identifier, the corresponding first verification message and the first key information are sent to an execution terminal, so that the execution terminal reads target data indexed by the target data identifier from a database, generates a second verification message of the target data by using the first key corresponding to the first key information, performs security verification on the target data based on the first verification message and the second verification message, and finally outputs a verification result sent by the execution terminal.
In one embodiment of the present application, the execution side may exist as a database internal plug-in.
The difference between the embodiment of the present application and the case where the execution end and the database are two independent processes is only that, when the execution end exists as an internal plug-in as a database, the execution end and the database are started at the same time and stopped, and are started in an initialization loading manner, and the rest of working manners are the same as those when the execution end and the database are two independent processes, which is not described herein again.
Fig. 6 is a block diagram of another embodiment of a data protection device provided in the present application, where the device may include:
the first receiving module 601: for receiving a configuration request; the configuration request comprises a data identifier;
the first reading module 602: the data to be protected used for reading the data identification index from a database;
the first generation module 603: generating a verification message of the data to be protected based on a target key;
the first preservation module 604: the system is used for correspondingly storing the data identification, the verification message and the key information of the target key into a target record; the target record is used for searching corresponding first verification information and first key information according to a target data identifier required to be verified; the first key information is used for generating a second verification message from the target data indexed by the target data identifier; the first verification message is used for performing security verification on the target data in combination with the second verification message.
In some embodiments, the receiving of the configuration request by the first receiving module 601 may specifically be: receiving a configuration request sent by a control end; the configuration request is generated by the control end responding to the configuration operation of a caller;
the step of correspondingly storing the data identifier, the verification message, and the key information corresponding to the target key into the target record by the first storing module 604 may specifically be: and correspondingly storing the data identification, the verification message and the key information into a target record of the control end.
Wherein, the key information is a key identifier, the apparatus may further include:
the second receiving module 605: the key management system is used for receiving and storing different key identifications and corresponding keys sent by the control end;
the configuration request received by the first receiving module 601 further includes a target key identifier; the apparatus may further include:
the first lookup module 606: for looking up the target key corresponding to the target key identification in the configuration request received by the first receiving module 601.
The apparatus may further include:
the third receiving module 607: and the device is used for receiving an update request aiming at the target key identification sent by the control terminal and updating the target key.
In some embodiments, the step of correspondingly storing the data identifier, the verification message, and the key information of the target key into the target record by the first storing module 604 may specifically be: writing the data identification, the verification message and the key information into a record table configured in advance in the database; and sending the record table to a control end so that the control end can store the record table as a target record.
In some embodiments, the reading module 602 may specifically read the data to be protected of the data identification index from the database by: packaging the configuration request into a query statement; the query statement is used for searching the data to be protected indexed by the data identifier in the database; and reading the data to be protected of the data identification index based on the query statement.
In some embodiments, the first generating module 603 may specifically generate the verification message of the data to be protected based on the target key by: carrying out character recombination on the data to be protected indexed by at least one data identification to obtain recombined data; and carrying out algorithm processing on the recombined data based on the target key to generate a verification message.
In some embodiments, the receiving of the configuration request by the first receiving module 601 may further specifically be: a caller-triggered configuration request is received.
The data protection apparatus shown in fig. 6 may execute the data protection method shown in the embodiment shown in fig. 2, and the implementation principle and the technical effect are not described again. The specific manner in which each module and unit of the data protection device in the above embodiments perform operations has been described in detail in the embodiments related to the method, and will not be described in detail here.
Fig. 7 is a block diagram of another embodiment of a data protection device provided in the present application, where the device may include:
the first transmitting module 701: the system comprises a data identification, a configuration request and a verification message, wherein the data identification is used for responding to configuration operation, the configuration request containing the data identification is sent to an execution end, so that the execution end reads data to be protected indexed by the data identification from a database, and the verification message of the data to be protected is generated by using a target key;
the fourth receiving module 702: the key information is used for receiving the data identification, the verification message and the target key sent by the execution end;
the second saving module 703: the system is used for correspondingly storing the data identification, the verification message and the key information into a target record; the target record is used for searching corresponding first verification information and first key information according to a target data identifier required to be verified; the first key information is used for generating a second verification message from the target data indexed by the target data identifier; the first verification message is used for performing security verification on the target data in combination with the second verification message.
In some embodiments, the sending module 701, in response to the configuration operation, determines that the data identifier may specifically be: providing an operation interface; displaying configuration prompt information on the operation interface; and determining the data identification of the configuration in response to the configuration operation triggered by the configuration prompt information.
In some embodiments, the sending module 701 may specifically send the configuration request including the data identifier to the execution end as follows: packaging the configuration request containing the data identifier; transmitting the configuration request of the data identifier after encapsulation processing to an execution end through a secure channel; wherein the secure channel is used for transmission encryption.
The data protection apparatus shown in fig. 7 may execute the data protection method shown in the embodiment shown in fig. 3, and the implementation principle and the technical effect are not described again. The specific manner in which each module and unit of the data protection device in the above embodiments perform operations has been described in detail in the embodiments related to the method, and will not be elaborated herein.
Fig. 8 is a block diagram of another embodiment of a data protection device provided in the present application, where the device may include:
the fifth receiving module 801: for receiving an authentication request; wherein the validation request includes a target data identification;
the first determination module 802: the first verification message and the first key information corresponding to the target data identification searched and obtained from the target record are determined; the target record stores verification information and key information corresponding to different data identifications;
the second reading module 803: the second verification message is used for reading the target data of the target data identification index from a database and generating the target data by using a first key corresponding to the first key information;
the first verification module 804: for performing security verification on the target data based on the first verification message and the second verification message;
the first output module 805: and the verification result is used for outputting the target data.
In some embodiments, the fifth receiving module 801 receiving the verification request may specifically be: receiving a verification request sent by a control end; the verification request comprises the first verification message and the first key information which are searched and obtained by the control terminal from the target record based on the target data identification; the outputting the verification result of the target data comprises: and correspondingly sending the target data identification and the corresponding verification result to the control end so that the control end can output the target data identification and the corresponding verification result.
The data protection apparatus shown in fig. 8 may execute the data protection method shown in the embodiment shown in fig. 4, and details of the implementation principle and the technical effect are not repeated. The specific manner in which each module and unit of the data protection device in the above embodiments perform operations has been described in detail in the embodiments related to the method, and will not be elaborated herein.
Fig. 9 is a block diagram of another embodiment of a data protection device provided in the present application, where the device may include:
the first response module 901: the verification operation module is used for responding to a caller and determining a target data identifier for requesting verification;
the second lookup module 902: the system comprises a target record, a first verification message and first key information, wherein the first verification message and the first key information correspond to a target data identifier; the target record stores verification information and key information corresponding to different data identifications;
the second sending module 903: the system comprises a database, a target data identification, a first verification message and first key information, and an execution end, wherein the database is used for storing the target data identification, the first verification message and the first key information;
the second output module 904: and the verification result is used for outputting the target data sent by the execution end.
The data protection apparatus shown in fig. 9 may execute the data protection method shown in the embodiment shown in fig. 5, and the implementation principle and the technical effect are not described again. The specific manner in which each module and unit of the data protection device in the above embodiments perform operations has been described in detail in the embodiments related to the method, and will not be described in detail here.
In one possible design, the data protection apparatus of the embodiment shown in fig. 6 may be implemented as a computing device, which may include a storage component 1001 and a processing component 1002 as shown in fig. 10;
the storage component stores one or more computer instructions for execution by the processing component to implement the data protection method of the embodiment shown in fig. 2.
Of course, a computing device may also necessarily include other components, such as input/output interfaces, communication components, and so forth. The input/output interface provides an interface between the processing components and peripheral interface modules, which may be output devices, input devices, etc. The communication component is configured to facilitate wired or wireless communication between the computing device and other devices, and the like.
The computing device may be a physical device or an elastic computing host provided by a cloud computing platform, and the computing device may be a cloud server, and the processing component, the storage component, and the like may be basic server resources rented or purchased from the cloud computing platform.
The processing component 1002 may include one or more processors to execute computer instructions to perform all or some of the steps of the methods described above. Of course, the processing elements may also be implemented as one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), control terminals, micro-control terminals, microprocessors or other electronic components configured to perform the above-described methods.
The storage component 1001 is configured to store various types of data to support operations in the device. The memory components may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
In one possible design, the data protection apparatus of the embodiment shown in fig. 7 may be implemented as a computing device, which may include a storage component 1101 and a processing component 1102, as shown in fig. 11;
the storage component stores one or more computer instructions for execution by the processing component to implement the data protection method of the embodiment shown in fig. 3.
Of course, a computing device may also necessarily include other components, such as input/output interfaces, communication components, and so forth. The input/output interface provides an interface between the processing components and peripheral interface modules, which may be output devices, input devices, etc. The communication component is configured to facilitate wired or wireless communication between the computing device and other devices, and the like.
The computing device may be a physical device or an elastic computing host provided by a cloud computing platform, and the computing device may be a cloud server, and the processing component, the storage component, and the like may be basic server resources rented or purchased from the cloud computing platform.
The processing component 1102 may include one or more processors to execute computer instructions to perform all or some of the steps of the methods described above. Of course, the processing elements may also be implemented as one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), control terminals, micro-control terminals, microprocessors or other electronic components configured to perform the above-described methods.
The storage component 1101 is configured to store various types of data to support operations in the device. The memory components may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
In one possible design, the data protection apparatus of the embodiment shown in fig. 8 may be implemented as a computing device, which may include a storage component 1201 and a processing component 1202 as shown in fig. 12;
the storage component stores one or more computer instructions for execution by the processing component to implement the data protection method of the embodiment shown in fig. 4.
Of course, a computing device may also necessarily include other components, such as input/output interfaces, communication components, and so forth. The input/output interface provides an interface between the processing component and a peripheral interface module, which may be an output device, an input device, etc. The communication component is configured to facilitate wired or wireless communication between the computing device and other devices, and the like.
The computing device may be a physical device or an elastic computing host provided by a cloud computing platform, and the computing device may be a cloud server, and the processing component, the storage component, and the like may be basic server resources rented or purchased from the cloud computing platform.
The processing component 1202 may include one or more processors to execute computer instructions to perform all or a portion of the steps of the methods described above. Of course, the processing elements may also be implemented as one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), control terminals, micro-control terminals, microprocessors or other electronic components configured to perform the above-described methods.
The storage component 1201 is configured to store various types of data to support operations in the device. The memory components may be implemented by any type or combination of volatile and non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
In one possible design, the data protection apparatus of the embodiment shown in fig. 9 may be implemented as a computing device, which may include a storage component 1301 and a processing component 1302 as shown in fig. 13;
the storage component stores one or more computer instructions for execution by the processing component to implement the data protection method of the embodiment shown in fig. 5.
Of course, a computing device may also necessarily include other components, such as input/output interfaces, communication components, and so forth. The input/output interface provides an interface between the processing components and peripheral interface modules, which may be output devices, input devices, etc. The communication component is configured to facilitate wired or wireless communication between the computing device and other devices, and the like.
The computing device may be a physical device or an elastic computing host provided by a cloud computing platform, and the computing device may be a cloud server, and the processing component, the storage component, and the like may be basic server resources rented or purchased from the cloud computing platform.
The processing component 1302 may include one or more processors to execute computer instructions to perform all or a portion of the steps of the methods described above. Of course, the processing elements may also be implemented as one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), control terminals, micro-control terminals, microprocessors or other electronic components configured to perform the above-described methods.
The storage component 1301 is configured to store various types of data to support operations in the device. The memory components may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
An embodiment of the present application further provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a computer, the data protection method of the embodiment shown in fig. 2 may be implemented.
An embodiment of the present application further provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a computer, the data protection method of the embodiment shown in fig. 3 may be implemented.
An embodiment of the present application further provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a computer, the data protection method of the embodiment shown in fig. 4 may be implemented.
An embodiment of the present application further provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a computer, the data protection method in the embodiment shown in fig. 5 may be implemented.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (16)

1. A method of data protection, comprising:
receiving a configuration request; the configuration request comprises a data identifier;
reading the data to be protected indexed by the data identification from a database;
generating a verification message of the data to be protected based on a target key;
correspondingly storing the data identification, the verification message and the key information of the target key into a target record; the target record is used for searching corresponding first verification information and first key information according to a target data identifier required to be verified; the first key information is used for generating a second verification message from the target data indexed by the target data identifier; the first verification message is used for performing security verification on the target data in combination with the second verification message.
2. The method of claim 1, wherein receiving the configuration request comprises:
receiving a configuration request sent by a control end; the configuration request is generated by the control end responding to the configuration operation of a caller;
correspondingly storing the data identifier, the verification message and the key information corresponding to the target key into a target record comprises:
and correspondingly storing the data identification, the verification message and the key information into a target record of the control end.
3. The method of claim 2, wherein the key information is a key identification; the method further comprises the following steps:
receiving and storing different key identifications and corresponding keys respectively sent by the control end;
wherein, the configuration request comprises a target key identifier; after receiving the configuration request, the method further comprises:
and searching the target key corresponding to the target key identification.
4. The method of claim 3, further comprising:
and receiving an updating request aiming at the target key identification sent by the control terminal, and updating the target key.
5. The method of claim 1, wherein reading the data to be protected of the data identification index from the database comprises:
packaging the configuration request into a query statement; the query statement is used for searching the data to be protected indexed by the data identifier in the database;
and reading the data to be protected of the data identification index based on the query statement.
6. The method of claim 1, wherein generating the verification message for the data to be protected based on the target key comprises:
carrying out character recombination on the data to be protected indexed by at least one data identification to obtain recombined data;
and carrying out algorithm processing on the recombined data based on the target key to generate a verification message.
7. The method according to claim 2, wherein the correspondingly storing the data identifier, the verification message, and the key information into the target record of the control end comprises:
writing the data identification, the verification message and the key information into a record table configured in advance in the database;
and sending the record table to a control end so that the control end can store the record table as a target record.
8. The method of claim 1, wherein receiving the configuration request comprises:
a caller-triggered configuration request is received.
9. A method for protecting data, comprising:
responding to configuration operation, determining a data identifier, sending a configuration request containing the data identifier to an execution end, so that the execution end reads data to be protected indexed by the data identifier from a database, and generating a verification message of the data to be protected by using a target key;
receiving the data identifier, the verification message and the key information of the target key sent by the execution end;
correspondingly storing the data identification, the verification message and the key information into a target record; the target record is used for searching corresponding first verification information and first key information according to a target data identifier required to be verified; the first key information is used for generating a second verification message from the target data indexed by the target data identifier; the first verification message is used for performing security verification on the target data in combination with the second verification message.
10. The method of claim 9, wherein determining a data identity in response to a configuration operation comprises:
providing an operation interface;
displaying configuration prompt information on the operation interface;
and determining the data identification of the configuration in response to the configuration operation triggered by the configuration prompt information.
11. The method of claim 9, wherein sending the configuration request including the data identifier to the execution side comprises:
packaging the configuration request containing the data identifier;
transmitting the configuration request of the data identifier after encapsulation processing to an execution end through a secure channel; wherein the secure channel is used for transmission encryption.
12. A method for protecting data, comprising:
receiving an authentication request; wherein the validation request includes a target data identification;
determining a first verification message and first key information corresponding to the target data identifier searched and obtained from a target record; the target record stores verification information and key information corresponding to different data identifications;
reading target data of the target data identification index from a database, and generating a second verification message of the target data by using a first key corresponding to the first key information;
performing security verification on the target data based on the first verification message and the second verification message;
and outputting the verification result of the target data.
13. The method of claim 12, wherein receiving the validation request comprises:
receiving a verification request sent by a control end; the verification request comprises the first verification message and the first key information which are searched and obtained by the control terminal from the target record based on the target data identification;
the outputting the verification result of the target data comprises:
and correspondingly sending the target data identification and the corresponding verification result to the control end so that the control end can output the target data identification and the corresponding verification result.
14. A method for protecting data, comprising:
responding to the verification operation of a calling party, and determining a target data identifier requesting verification;
searching and acquiring a first verification message and first key information corresponding to the target data identifier from a target record; the target record stores verification information and key information corresponding to different data identifications;
sending the first verification message and the first key information corresponding to the target data identifier to an execution end, so that the execution end reads target data indexed by the target data identifier from a database, generates a second verification message of the target data by using a first key corresponding to the first key information, and performs security verification on the target data based on the first verification message and the second verification message;
and outputting the verification result of the target data sent by the execution end.
15. A computing device comprising a processing component and a storage component;
the storage component stores one or more computer instructions; the one or more computer instructions to be invoked for execution by the processing component;
the processing component is used for realizing the method for protecting the data according to any one of claims 1 to 8 or the method for protecting the data according to any one of claims 9 to 11 or the method for protecting the data according to any one of claims 12 to 13 or the method for protecting the data according to claim 14.
16. A computer storage medium, characterized in that a computer program is stored, which, when executed by a computer, implements a method of data protection according to any one of claims 1 to 8 or implements a method of data protection according to any one of claims 9 to 11 or implements a method of data protection according to any one of claims 12 to 13 or implements a method of data protection according to claim 14.
CN202210726301.7A 2022-06-23 2022-06-23 Data protection method, electronic device and computer storage medium Pending CN115114657A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210726301.7A CN115114657A (en) 2022-06-23 2022-06-23 Data protection method, electronic device and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210726301.7A CN115114657A (en) 2022-06-23 2022-06-23 Data protection method, electronic device and computer storage medium

Publications (1)

Publication Number Publication Date
CN115114657A true CN115114657A (en) 2022-09-27

Family

ID=83328949

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210726301.7A Pending CN115114657A (en) 2022-06-23 2022-06-23 Data protection method, electronic device and computer storage medium

Country Status (1)

Country Link
CN (1) CN115114657A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116011000A (en) * 2023-03-27 2023-04-25 北京信安世纪科技股份有限公司 Access method, device and computing equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116011000A (en) * 2023-03-27 2023-04-25 北京信安世纪科技股份有限公司 Access method, device and computing equipment

Similar Documents

Publication Publication Date Title
CN110365670B (en) Blacklist sharing method and device, computer equipment and storage medium
US11122087B2 (en) Managing cybersecurity vulnerabilities using blockchain networks
CN108337239B (en) Event attestation of electronic devices
CN108734028B (en) Data management method based on block chain, block chain link point and storage medium
CN108989346B (en) Third-party valid identity escrow agile authentication access method based on account hiding
CN110995446B (en) Evidence verification method, device, server and storage medium
CN111464561B (en) Data ferry management system
CN114372276A (en) Data security protection method and device, electronic equipment and storage medium
CN111859457A (en) Intelligent contract setting method and system
JP2022534677A (en) Protecting online applications and web pages that use blockchain
US10158623B2 (en) Data theft deterrence
CN115114657A (en) Data protection method, electronic device and computer storage medium
CN109587134B (en) Method, apparatus, device and medium for secure authentication of interface bus
CN111800390A (en) Abnormal access detection method, device, gateway equipment and storage medium
CN114553557B (en) Key calling method, device, computer equipment and storage medium
CN113726515B (en) UKEY-based key processing method, storage medium and electronic device
CN109413200A (en) A kind of method, client, MES and electronic equipment that resource imports
CN111769956B (en) Service processing method, device, equipment and medium
CN113868628A (en) Signature verification method and device, computer equipment and storage medium
CN113890751A (en) Method, apparatus and readable storage medium for controlling voting of alliance link authority
CN113360575A (en) Method, device, equipment and storage medium for supervising transaction data in alliance chain
CN111292082A (en) Public key management method, device and equipment in block chain type account book
CN111079155A (en) Data processing method and device, electronic equipment and computer storage medium
CN113961970B (en) Cross-network-segment network disk login identity authentication method and device, network disk and storage medium
CN115225350B (en) Government cloud encryption login verification method based on national secret certificate and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination